RubyGems - jwt-multisig - Versions diffs - 1.0.0.beta.2 → 1.0.4 - Mend

jwt-multisig 1.0.0.beta.2 → 1.0.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 159da66d2cc0b3e57856fbe1e5f268f81bbbdc5e3fc687fa1506c0e463761c1e
-  data.tar.gz: 9b4d51b4d4d2ece805222318607414cf71083b5a88ab841f449a58b664801a07
+  metadata.gz: 5edf239b75b41453236a1d170ab81b6233ab334df41805c916ebc0c89a28a1e6
+  data.tar.gz: 3d634939c51b36d78feab51e9d71275feca0386e7f31a8927dac6085ff3c461c
 SHA512:
-  metadata.gz: 4356ca2080f40bea7a82eef1147a2d5f98fdd1858536f3c42bce1c462400ec399a4572f26a1594dca2620277a8ccf6be1de4ef970d314aabc5a8e0ee3341ca00
-  data.tar.gz: 859426ff00622cc17b7a8e6f7d2004278768abc700905b931c44fa12b9746dd40baa92caa3bf245a60670bc494598cf661f56e4985947bdb87786ed479a0da77
+  metadata.gz: 91988aafe86882352b806addea59a6390140d2e258817507783bbf5c2addda3cdb028d821a771179568b9bbb461ac04432d1e384472f0894a45b97dc396477c2
+  data.tar.gz: 99c553c60a72d97233de4012e06a7a1a12ffb8e5f7eef1cd5fab16c801781f31d606954d84ee27440fbe1b4c61020b9f1e3d92472120c5403818dc6d36cca069

data/.drone.yml ADDED

@@ -0,0 +1,29 @@
+---
+kind: pipeline
+name: default
+steps:
+  - name: Run tests
+    image: ruby:2.6
+    commands:
+      - bundle install
+      - bundle exec rake test
+  - name: Release gems
+    image: ruby:2.6
+    environment:
+      GEM_CREDENTIALS:
+        from_secret: gem_credentials
+    commands:
+      - mkdir -p ~/.gem
+      - echo $GEM_CREDENTIALS | base64 -d > ~/.gem/credentials
+      - chmod 0600 ~/.gem/credentials
+      - gem build jwt-multisig.gemspec
+      - gem push jwt-multisig-*.gem
+    when:
+      branch:
+        - master
+trigger:
+  event:
+    - push

data/.ruby-version CHANGED

	@@ -1 +1 @@
1	- 2.5.0
1	+ 2.6.3

data/.travis.yml CHANGED

@@ -3,16 +3,14 @@ language: ruby
 cache: bundler
 rvm:
-  - 2.2
-  - 2.3
-  - 2.4
   - 2.5
+  - 2.6
 env:
   - RAKE_ENV=test BUNDLE_PATH=vendor/bundle
 before_install:
-  - gem install bundler
+  - gem install bundler -v 1.17.3
 install:
   - bundle install

data/Gemfile.lock CHANGED

@@ -1,41 +1,43 @@
 PATH
   remote: .
   specs:
-    jwt-multisig (1.0.0.beta.2)
-      activesupport (>= 4.0, < 6.0)
-      jwt (~> 2.1)
+    jwt-multisig (1.0.4)
+      activesupport (>= 4.0)
+      jwt (~> 2.2)
 GEM
   remote: https://rubygems.org/
   specs:
-    activesupport (5.1.5)
+    activesupport (6.0.3.4)
       concurrent-ruby (~> 1.0, >= 1.0.2)
-      i18n (~> 0.7)
+      i18n (>= 0.7, < 2)
       minitest (~> 5.1)
       tzinfo (~> 1.1)
-    concurrent-ruby (1.0.5)
-    i18n (0.9.5)
+      zeitwerk (~> 2.2, >= 2.2.2)
+    concurrent-ruby (1.1.7)
+    i18n (1.8.5)
       concurrent-ruby (~> 1.0)
-    jwt (2.1.0)
-    memoist (0.16.0)
-    minitest (5.11.3)
-    power_assert (1.1.1)
-    rake (12.3.1)
-    test-unit (3.2.7)
+    jwt (2.2.2)
+    memoist (0.16.2)
+    minitest (5.14.2)
+    power_assert (1.2.0)
+    rake (12.3.3)
+    test-unit (3.3.6)
       power_assert
     thread_safe (0.3.6)
-    tzinfo (1.2.5)
+    tzinfo (1.2.7)
       thread_safe (~> 0.1)
+    zeitwerk (2.4.0)
 PLATFORMS
   ruby
 DEPENDENCIES
-  bundler (~> 1.16)
+  bundler (~> 1.17)
   jwt-multisig!
   memoist (~> 0.16)
   rake (~> 12.3)
   test-unit (~> 3.1)
 BUNDLED WITH
-   1.16.1
+   1.17.3

data/Rakefile CHANGED

@@ -4,3 +4,5 @@
 require "rake/testtask"
 Rake::TestTask.new { |t| t.libs << "test" }
+task(:release) { Kernel.system "gem build *.gemspec && gem push *.gem && rm *.gem" }

data/jwt-multisig.gemspec CHANGED

@@ -17,7 +17,7 @@ Gem::Specification.new do |s|
   s.test_files      = `git ls-files -z -- {test,spec,features}/*`.split("\x0")
   s.require_paths   = ["lib"]
-  s.add_dependency             "jwt",           "~> 2.1"
-  s.add_dependency             "activesupport", ">= 4.0", "< 6.0"
-  s.add_development_dependency "bundler",       "~> 1.16"
+  s.add_dependency             "jwt",           "~> 2.2"
+  s.add_dependency             "activesupport", ">= 4.0"
+  s.add_development_dependency "bundler",       "~> 1.17"
 end

data/lib/jwt-multisig.rb CHANGED

@@ -5,6 +5,7 @@ require "jwt"
 require "openssl"
 require "active_support/core_ext/hash/keys"
 require "active_support/core_ext/hash/slice"
+require "active_support/core_ext/hash/indifferent_access"
 module JWT
   #
@@ -39,8 +40,11 @@ module JWT
       # @raise [JWT::EncodeError]
       def generate_jwt(payload, private_keychain, algorithms)
         proxy_exception JWT::EncodeError do
+          algorithms_mapping = algorithms.with_indifferent_access
           { payload:    base64_encode(payload.to_json),
-            signatures: private_keychain.map { |id, value| generate_jws(payload, id, value, algorithms.fetch(id)) } }
+            signatures: private_keychain.map do |id, value|
+              generate_jws(payload, id, value, algorithms_mapping.fetch(id))
+            end }
         end
       end
@@ -112,12 +116,14 @@ module JWT
       #   The returning value contains payload, list of verified, and unverified signatures (key ID).
       #   Example:
       #     { payload:    { sub: "session", profile: { email: "username@mailbox.example" },
-      #       verified:   ["backend-1.mycompany.example", "backend-3.mycompany.example"],
-      #       unverified: ["backend-2.mycompany.example"] }
+      #       verified:   [:"backend-1.mycompany.example", :"backend-3.mycompany.example"],
+      #       unverified: [:"backend-2.mycompany.example"] }
       #     }
       # @raise [JWT::DecodeError]
       def verify_jwt(jwt, public_keychain, options = {})
         proxy_exception JWT::DecodeError do
+          keychain           = public_keychain.with_indifferent_access
+          encoded_payload    = jwt.fetch("payload")
           serialized_payload = base64_decode(jwt.fetch("payload"))
           payload            = JSON.parse(serialized_payload)
           verified           = []
@@ -125,16 +131,16 @@ module JWT
           jwt.fetch("signatures").each do |jws|
             key_id = jws.fetch("header").fetch("kid")
-            if public_keychain.key?(key_id)
-              verify_jws(jws, payload, public_keychain, options)
+            if keychain.key?(key_id)
+              verify_jws(jws, encoded_payload, public_keychain, options)
               verified << key_id
             else
               unverified << key_id
             end
           end
           { payload:    payload.deep_symbolize_keys,
-            verified:   verified.uniq,
-            unverified: unverified.uniq }
+            verified:   verified.uniq.map(&:to_sym),
+            unverified: unverified.uniq.map(&:to_sym) }
         end
       end
@@ -188,14 +194,12 @@ module JWT
       # @return [Hash]
       #   Returns payload if signature is valid.
       # @raise [JWT::DecodeError]
-      def verify_jws(jws, payload, public_keychain, options = {})
+      def verify_jws(jws, encoded_payload, public_keychain, options = {})
         proxy_exception JWT::DecodeError do
           encoded_header     = jws.fetch("protected")
           serialized_header  = base64_decode(encoded_header)
-          serialized_payload = payload.to_json
-          encoded_payload    = base64_encode(serialized_payload)
           signature          = jws.fetch("signature")
-          public_key         = public_keychain.fetch(jws.fetch("header").fetch("kid"))
+          public_key         = public_keychain.with_indifferent_access.fetch(jws.fetch("header").fetch("kid"))
           jwt                = [encoded_header, encoded_payload, signature].join(".")
           algorithm          = JSON.parse(serialized_header).fetch("alg")
           JWT.decode(jwt, to_pem_or_key(public_key, algorithm), true, options.merge(algorithms: [algorithm])).first
@@ -235,7 +239,7 @@ module JWT
       # @param string [String]
       # @return [String]
       def base64_encode(string)
-        JWT::Encode.base64url_encode(string)
+        JWT::Base64.url_encode(string)
       end
       #
@@ -244,7 +248,7 @@ module JWT
       # @param string [String]
       # @return [String]
       def base64_decode(string)
-        JWT::Decode.base64url_decode(string)
+        JWT::Base64.url_decode(string)
       end
     end
   end

data/lib/jwt-multisig/version.rb CHANGED

@@ -3,6 +3,6 @@
 module JWT
   module Multisig
-    VERSION = "1.0.0.beta.2"
+    VERSION = "1.0.4"
   end
 end

data/test/test-jws-verificator.rb CHANGED

@@ -74,12 +74,13 @@ class JWSVerificatorTest < Test::Unit::TestCase
 private
   def example(jws, payload, options, expected)
+    encoded_payload = JWT::Base64.url_encode(JSON.dump(payload))
     # Pass instance of OpenSSL::PKey::PKey.
-    returned = JWT::Multisig.verify_jws(JSON.parse(jws), payload, public_keychain, options)
+    returned = JWT::Multisig.verify_jws(JSON.parse(jws), encoded_payload, public_keychain, options)
     assert_equal expected, JSON.dump(returned)
     # Pass key in PEM format.
-    returned = JWT::Multisig.verify_jws(JSON.parse(jws), payload, public_keychain, options)
+    returned = JWT::Multisig.verify_jws(JSON.parse(jws), encoded_payload, public_keychain, options)
     assert_equal expected, JSON.dump(returned)
   end
 end

data/test/test-jwt-verificator.rb CHANGED

@@ -31,6 +31,15 @@ class JWTVerificatorTest < Test::Unit::TestCase
     example jwt, {}, {}, %({"payload":{"xxx":"zzz"},"verified":[],"unverified":["hoegerrenner.info","powlowski.info"]})
   end
+  def test_both_symbols_and_strings_are_supported
+    jwt      = %({"payload":"eyJpc3MiOiJmb28iLCJiYXIiOnsiYmF6IjoicXV4In19","signatures":[{"protected":"eyJhbGciOiJIUzUxMiJ9","header":{"kid":"ebert.biz"},"signature":"1koPnSwejNF5aCRsqlySX9Td7_gc-dfUkko5G0Svccw-WkBYrwoJJwRJ2Op_-OxjoqSe3ViBGGCbgVUz0khuJQ"},{"protected":"eyJhbGciOiJIUzI1NiJ9","header":{"kid":"wisoky.co"},"signature":"AqtFKTlaVDqg2dOfLBODMhcBlg1gm9ejn6hYQynTyto"},{"protected":"eyJhbGciOiJSUzM4NCJ9","header":{"kid":"hoegerrenner.info"},"signature":"LR9TpJTLwgducdCkN1KmfwXXxd3pp7Xe5fJXJZZM8FVrFrVOEAGQcPnMPIgfPA1UckIXnzih46j4qPOQdotVHEvYvUuvLLT8QQi8y6-vBMlsP-cQehKGpI1T4N5qPzvJqPmhVzZYedWzlvr-VV9wd0BYeBgr65m9BSpFjLFhWVH4NJZuHFPxeYuDEpYoM-lPHdTzdf1E8xd_xwbpz9WpNh0MQib387-wakGWz-UGt9BmJLU8KV01FTAoR0EO9rQfIm5HQ3wGQ7t8U4N4HsOmsXkWF_fRgxjhMHeChDES2awwB4G4KCNw-6ezSBCD7FZcxzbCL2657OEPHNuHA36M91j54jjm1tweYhYJxuUOk5c8j_wSxtieeaORCxOrPp3mshHS_FE0sI_TNNBsIDI_sQwiS08y3d6tv7H4a_MZj_Pe7JWJ3TXlcsaSHy3xuSLYxCZQeLBwJtyz2ERCZOA9ew0BY34tpRwDKxbgF51X7t7uilYxnBn2rBdQeWQKb9q2"}]})
+    keychain = {
+      "hoegerrenner.info": public_keychain["hoegerrenner.info"],
+      "wisoky.co": public_keychain["wisoky.co"],
+      "ebert.biz" => public_keychain["ebert.biz"] }
+    example jwt, keychain, { iss: "foo" }, %({"payload":{"iss":"foo","bar":{"baz":"qux"}},"verified":["ebert.biz","wisoky.co","hoegerrenner.info"],"unverified":[]})
+  end
 private
   def example(jwt, keychain, options, expected)

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: jwt-multisig
 version: !ruby/object:Gem::Version
-  version: 1.0.0.beta.2
+  version: 1.0.4
 platform: ruby
 authors:
 - RubyKube
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2018-03-28 00:00:00.000000000 Z
+date: 2020-10-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: jwt
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '2.1'
+        version: '2.2'
 - !ruby/object:Gem::Dependency
   name: activesupport
   requirement: !ruby/object:Gem::Requirement
@@ -31,9 +31,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
@@ -41,23 +38,20 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '4.0'
-    - - "<"
-      - !ruby/object:Gem::Version
-        version: '6.0'
 - !ruby/object:Gem::Dependency
   name: bundler
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.17'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '1.16'
+        version: '1.17'
 description: The tool for working with JWT signed by multiple verificators as per
   RFC 7515. Based on the RubyGem «jwt» under the hood.
 email: support@rubykube.io
@@ -65,6 +59,7 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".drone.yml"
 - ".gitignore"
 - ".rubocop.yml"
 - ".ruby-version"
@@ -98,19 +93,12 @@ required_ruby_version: !ruby/object:Gem::Requirement
       version: '0'
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
-  - - ">"
+  - - ">="
     - !ruby/object:Gem::Version
-      version: 1.3.1
+      version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.3
+rubygems_version: 3.0.3
 signing_key:
 specification_version: 4
 summary: The tool for working with multi-signature JWT.
-test_files:
-- test/test-helper.rb
-- test/test-jws-generator.rb
-- test/test-jws-verificator.rb
-- test/test-jwt-editor.rb
-- test/test-jwt-generator.rb
-- test/test-jwt-verificator.rb
+test_files: []